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Remarks 

Claims 31-91 are pending. 

Response to Arguments 

1. Applicant's arguments, see Pages 14-15 of the Remarks, filed 8/29/2005, with 
respect to the rejection(s) of claim(s) 1-30 under 35 U.S.C. 102(e) and 103(a) have 
been fully considered and are persuasive. Therefore, the rejection has been withdrawn. 
However, upon further consideration, a new ground(s) of rejection is made with Comay 
(U.S. Patent 6,363,489) in view of Cheng (U.S. Patent 6,738,909) or Lyie (U.S. Patent 
6,886.102). 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 31, 32, 34-37, 41-45. 48-54, 56-58. 60-62, 64-67, 71-75, 78-84. 86-88, 
90, and 91 are rejected under 35 U.S.C. 102(e) as being anticipated by Comay (U.S. 
Patent 6,363,489). 

Regarding Claim 31, 
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Comay discloses a system for protecting a distributed network from 
unauthorized access, the system comprising: 

An intrusion detection system (mark provisioning module) (Column 
4, line 61 to Column 5, line 14), including: 

An intrusion detection module (Column 4, line 61 to Column 5, line 
14), and 

A communications management module (entry point) coupled to 
the intrusion detection module (Column 4, line 61 to Column 5, line 14); 
and 

An intrusion analysis system (intrusion detection module/intrusion 
diversion module) coupled to the intrusion detection system (Column 5, 
lines 15-60), and including: 

An intrusion analysis module (Column 5, lines 15-43), and 

An intrusion reaction coordination module coupled to the intrusion 
analysis module (Column 5, lines 15-43), 

Wherein the intrusion detection module detects a possible 
unauthorized access attempt into or within a distributed network being 
protected (Column 4, line 61 to Column 5, line 14), 

The communications management module is coupled to the 
intrusion analysis module and forwards to the intrusion analysis module 
information regarding the detected possible unauthorized access attempt 
(Column 5, lines 15-43), 
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The intrusion analysis module determines based on the information 
regarding the detected possible unauthorized access attempt whether or 
not the detected possible unauthorized access attempt is authorized 
(Column 5, lines 15-60), 

If the intrusion analysis module determines that the detected 
possible unauthorized access attempt is authorized, the intrusion analysis 
module forwards, via the communications management module, 
information to the intrusion detection module that the possible 
unauthorized access attempt is authorized (Column 5, lines 15-31), and 

If the intrusion analysis module determines that the detected 
possible unauthorized access attempt is not authorized, the intrusion 
analysis module determines, via the intrusion reaction coordination 
module, appropriate actions, including forwarding information regarding 
the detected unauthorized access attempt to a monitoring center, and 
processing information from the monitoring center regarding the detected 
unauthorized access attempt (Column 5, lines 32-60; and Column 6, lines 
57-68). 
Regarding Claim 61, 

Claim 61 is a method claim that corresponds to system claim 31 
and is rejected for the same reasons. 
Regarding Claim 91, 
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Claim 91 is a computer readable medium containing instructions 
claim that corresponds to system claim 31 and is rejected for the same 
reasons. 
Regarding Claim 32, 

Comay discloses that the intrusion analysis system in cooperation 
with the intrusion detection system enable communications between a 
monitoring center and an entity attempting the unauthorized access 
attempt without the entity being made aware that the entity attempting the 
unauthorized access attempt is communicating with the monitoring center 
(Column 5, lines 32-60). 
Regarding Claim 62, 

Claim 62 is a method claim that corresponds to system claim 32 
and is rejected for the same reasons. 
Regarding Claim 34, 

Comay discloses that the communications from the monitoring 
center to the entity attempting the unauthorized access attempt are 
modified, via the intrusion analysis system and the intrusion detection 
system, to appear as if the communications originate from the distributed 
network being protected (Column 5, lines 32-60). 
Regarding Claim 64, 

Claim 64 is a method claim that corresponds to system claim 34 
and is rejected for the same reasons. 
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Regarding Claim 35, 

Comay discloses that the intrusion analysis system logs information 
regarding communications with the entity attempting the unauthorized 
access attempt (Column 5, lines 15-31). 
Regarding Claim 65, 

Claim 65 is a method claim that corresponds to system claim 35 
and is rejected for the same reasons. 
Regarding Claim 36, 

Comay discloses that the intrusion analysis system in cooperation 
with the intrusion detection system engages the entity attempting the 
unauthorized access attempt to determine the location or origin of the 
entity attempting the unauthorized access attempt (Column 5, lines 32- 
60). 

Regarding Claim 66, 

Claim 66 is a method claim that corresponds to system claim 36 
and is rejected for the same reasons. 
Regarding Claim 37, 

Comay discloses that the monitoring center sends information to 
the analysis system and intended for the entity attempting the 
unauthorized access attempt, the analysis system substitutes origin 
information of the monitoring center from the received information with 
origin information of a target of the unauthorized access attempt and 
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forwards the substituted information to the entity attempting the 
unauthorized access attempt, whereby it appears to the entity attempting 
the unauthorized access attempt that communications are continuing with 
the target of the unauthorized access attempt (Column 5, lines 32-60). 

Regarding Claim 67, 

Claim 67 is a method claim that corresponds to system claim 37 
and is rejected for the same reasons. 

Regarding Claim 41, 

Comay discloses a database, wherein the intrusion analysis 
module employs the database, including information regarding previous 
unauthorized access attempts, to determine whether or not the detected 
possible unauthorized access attempt is authorized (Column 5, lines 15- 

31). 

Regarding Claim 71, 

Claim 71 is a method claim that corresponds to system claim 41 
and is rejected for the same reasons. 
Regarding Claim 42, 

Comay discloses that the database includes profiles of information 
related to one or more entities associated with the previous unauthorized 
access attempts, including origin information regarding the previous 
unauthorized access attempts (Column 5, lines 15-31). 
Regarding Claim 72, 
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Claim 72 is a method claim that corresponds to system claim 42 
and is rejected for the same reasons. 
Regarding Claim 43, 

Comay discloses that the intrusion analysis module is configured to 
query the database to determine whether or not the possible unauthorized 
access attempt is an error in communications, including a bit error 
(Column 4, line 61 to Column 5, line 31). 
Regarding Claim 73, 

Claim 73 is a method claim that corresponds to system claim 43 
and is rejected for the same reasons. 
Regarding Claim 44, 

Comay discloses that the intrusion analysis module is configured to 
determine based on historical profiles, and previous unauthorized access 
attempts whether or not the detected possible unauthorized access 
attempt is authorized (Column 5, lines 15-31). 
Regarding Claim 74, 

Claim 74 is a method claim that corresponds to system claim 44 
and is rejected for the same reasons. 
Regarding Claim 45, 

Comay discloses that the intrusion reaction coordination module 
determines the appropriate actions based on a number of previous 
unauthorized access attempts, and a nature of the unauthorized access 
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attempt, including destructiveness of packets received during the 
unauthorized access attempt (Column 5, lines 15-60; and Column 6, lines 
57-68). 

Regarding Claim 75, 

Claim 75 is a method claim that corresponds to system claim 45 
and is rejected for the same reasons. 

Regarding Claim 48, 

Comay discloses that if the intrusion reaction coordination module 
determines that a responsive or retaliatory action is not required, the 
intrusion reaction coordination module instructs the intrusion detection 
module to block communications from an entity attempting the 
unauthorized access attempt (Column 5, lines 15-60; and Column 6, lines 
57-68). 

Regarding Claim 78, 

Claim 78 is a method claim that corresponds to system claim 48 
and is rejected for the same reasons. 

Regarding Claim 49, 

Comay discloses that if the intrusion reaction coordination module 
determines that a responsive or retaliatory action is not required, the 
intrusion reaction coordination module instructs the intrusion detection 
module to block communications from an entity that matches one or more 
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characteristics of the unauthorized access attempt (Column 5, lines 15-60; 
and Column 6, lines 57-68). 
Regarding Claim 79, 

Claim 79 is a method claim that corresponds to system claim 49 
and Is rejected for the same reasons. 
Regarding Claim 50, 

Comay discloses that the intrusion reaction coordination module 
logs information regarding an entity attempting the unauthorized access 
attempt to the database for use in a future unauthorized access attempt by 
the entity (Column 5, lines 15-31). 
Regarding Claim 80, 

Claim 80 is a method claim that corresponds to system claim 50 
and is rejected for the same reasons. 
Regarding Claim 51, 

Comay discloses that the intrusion analysis module is configured to 
store information regarding an address to which the unauthorized access 
attempt was directed for use by the intrusion reaction coordination module 
to determine the appropriate actions (Column 5, lines 15-31). 
Regarding Claim 81, 

Claim 81 is a method claim that corresponds to system claim 51 
and is rejected for the same reasons. 
Regarding Claim 52, 
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Comay discloses that upon receipt of a communication from the 
monitoring center, the intrusion detection system in cooperation with the 
intrusion analysis system analyze the communication, determines address 
information of a source of the communication from the monitoring center, 
and removes the address information from the communication from the 
monitoring center leaving the remaining information for further analysis 
(Column 4, line 61 to Column 5, line 60). 

Regarding Claim 82, 

Claim 82 is a method claim that corresponds to system claim 52 
and is rejected for the same reasons. 

Regarding Claim 53, 

Comay discloses that the address information of the source of the 
communication from the monitoring center is stored in the database, and 
the intrusion analysis module is configured to use the address information 
to communicate information to the monitoring center (Column 5, lines 15- 
60), including information regarding a response to a password request by 
an entity attempting the unauthorized access attempt (Column 8, lines 9- 
26). 

Regarding Claim 83, 

Claim 83 is a method claim that corresponds to system claim 53 
and is rejected for the same reasons. 
Regarding Claim 54, 
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Comay discloses that the intrusion detection system in cooperation 
with the intrusion analysis system conceals the identity of the monitoring 
center, communicates information with the monitoring center, and screens 
underlying content in the communicated information, including removing 
sensitive information from the communicated information (Column 5, lines 
32-60). 
Regarding Claim 84, 

Claim 84 is a method claim that corresponds to system claim 54 
and is rejected for the same reasons. 
Regarding Claim 56, 

Comay discloses that the intrusion detection system and the 
intrusion analysis system cooperate with the monitoring center to aid in 
detecting a source of the unauthorized access attempt (Column 4, line 61 
to Column 5, line 60). 
Regarding Claim 86, 

Claim 86 is a method claim that corresponds to system claim 56 
and is rejected for the same reasons. 
Regarding Claim 57, 

Comay discloses that the intrusion detection system in cooperation 
with the intrusion analysis system receives from the monitoring center 
information regarding unauthorized accesses or access attempts into 
distributed networks (Column 5, lines 32-60). 
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Regarding Claim 87, 

Claim 87 is a method claim that corresponds to system claim 57 
and is rejected for the same reasons. 
Regarding Claim 58, 

Comay discloses that the intrusion detection system in cooperation 
with the intrusion analysis system analyzes the information regarding 
unauthorized accesses or access attempts into the distributed networks 
received from the monitoring center to determine if the received 
information matches a profile or has characteristics to one or more known 
unauthorized access attempts (Column 5, lines 32-60). 
Regarding Claim 88, 

Claim 88 is a method claim that corresponds to system claim 58 
and is rejected for the same reasons. 
Regarding Claim 60, 

Comay discloses that the system is implemented with one or more 
hardware and or software components (Column 4, lines 48-60). 
Regarding Claim 90, 

Claim 90 is a method claim that corresponds to system claim 60 
and is rejected for the same reasons. 



Claim Rejections - 35 (JSC § 103 



Application/Control Number: 09/925,503 
Art Unit: 2137 



Page 14 



The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 33 and 63 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Comay in view of Cheng (U.S. Patent 6,738,909), 

Regarding Claim 33, 

Comay discloses communications between the intrusion analysis 
system and the monitoring center (Column 5, lines 31-60), but does not 
disclose that the communications are performed via a secure tunnel. 

Cheng, however, discloses communications being performed via a 
secure tunnel (Column 6, lines 1 1-22). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to incorporate 
the secure tunnel of Cheng into the intrusion detection system of Comay 
in order to protect the data in this communication, providing data integrity, 
authenticity, and confidentiality. 
Regarding Claim 63, 

Claim 63 is a method claim that corresponds to system claim 33 
and is rejected for the same reasons. 

4. Claims 38-40, 46, 47, 55, and 59 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Comay in view of Lyie (U.S. Patent 6,886,102). 
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Regarding Claim 38, 

Comay discloses detecting that the possible unauthorized access 
attempt into the distributed network being protected is external to the 
network being protected (Column 4, line 61 to Column 5, line 31), but does 
not disclose detecting that the possible unauthorized access attempt is 
internal to the network being protected. 

Lyie, however, discloses detecting that the possible unauthorized 
access attempt is internal to the network being protected (Column 7, lines 
9-18). It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the DoS protection system of 
LyIe into the intrusion detection system of Comay in order to provide a 
mechanism by which to share attack information dynamically and 
automatically between networks, allowing networks to cooperate on 
tracing an attack and to take corrective actions regarding the attack 
(Column 2, lines 20-31). 
Regarding Claim 68, 

Claim 68 is a method claim that corresponds to system claim 38 
and is rejected for the same reasons. 
Regarding Claim 39, 

Comay discloses the intrusion detection module fonA/ards via the 
communications management module information regarding the possible 
unauthorized access attempt to the intrusion analysis module, and the 
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intrusion analysis module evaluates the received information and if the 
intrusion analysis module determines that the possible unauthorized 
access attempt is not authorized, the intrusion analysis module 
determines whether or not a retaliatory action should be taken, including 
handling the unauthorized access attempt internally or providing 
information to the monitoring center regarding the unauthorized access 
attempt (Column 5, lines 15-60), but does not disclose that the possible 
unauthorized access attempt is internal to the network being protected. 

Lyie, however, discloses that the possible unauthorized access 
attempt is internal to the network being protected (Column 7, lines 9-18). 
It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the DoS protection system of Lyie into 
the intrusion detection system of Comay in order to provide a mechanism 
by which to share attack information dynamically and automatically 
between networks, allowing networks to cooperate on tracing an attack 
and to take corrective actions regarding the attack (Column 2, lines 20- 
31). 

Regarding Claim 69, 

Claim 69 is a method claim that corresponds to system claim 39 
and is rejected for the same reasons. 
Regarding Claim 40, 
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Comay does not disclose that the monitoring center includes a law 
enforcement entity. 

Lyie, however, discloses that the monitoring center includes a law 
enforcement entity (Column 1, lines 39-54). It would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to 
incorporate the DoS protection system of Lyie into the intrusion detection 
system of Comay in order to provide a mechanism by which to share 
attack information dynamically and automatically between networks, 
allowing networks to cooperate on tracing an attack and to take corrective 
actions regarding the attack (Column 2, lines 20-31). 
Regarding Claim 70, 

Claim 70 is a method claim that corresponds to system claim 40 
and is rejected for the same reasons. 
Regarding Claim 46, 

Comay discloses that the intrusion reaction coordination module, to 
determine the appropriate actions, analyzes the information received by 
the intrusion detection module, historical information regarding 
unauthorized access attempts, source and destination ports of 
unauthorized access attempts, and IP address information of unauthorized 
access attempts (Column 5, lines 15-60), but does not disclose receiving 
information from a central repository that catalogs information related to 
unauthorized access attempts from one or more other protected networks. 
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Lyie, however, discloses receiving information from a central 
repository that catalogs information related to unauthorized access 
attempts from one or more other protected networks (Column 9, lines 38- 
65). It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the DoS protection system of 
LyIe into the intrusion detection system of Comay in order to provide a 
mechanism by which to share attack information dynamically and 
automatically between networks, allowing networks to cooperate on 
tracing an attack and to take corrective actions regarding the attack 
(Column 2, lines 20-31). 
Regarding Claim 76, 

Claim 76 is a method claim that corresponds to system claim 46 
and is rejected for the same reasons. 
Regarding Claim 47, 

Comay as modified by LyIe discloses the system of claim 46, in 
addition, LyIe discloses that the analysis is based on at least one of a 
look-up table, a neural network analysis, and a predetermined event 
sequence (Column 9, lines 38-65). 
Regarding Claim 77, 

Claim 77 is a method claim that corresponds to system claim 47 
and is rejected for the same reasons. 
Regarding Claim 55, 
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Comay discloses that the intrusion detection system in cooperation 
with the intrusion analysis system screens and removes sensitive 
information, such as removing content originating from a predetermined 
location (Column 5, lines 32-60), but does not disclose using a policy file 
to regulate the screening and removing of the sensitive information, 
including removing all content or core information, removing content 
having certain words, and removing content originating from a 
predetermined location. 

Lyie, however, discloses using a policy file to regulate the 
screening and removing of the sensitive information, including removing 
all content or core information, and removing content having certain words 
(Column 9, line 66 to Column 10, line 43). It would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to 
incorporate the DoS protection system of LyIe into the intrusion detection 
system of Comay in order to provide a mechanism by which to share 
attack information dynamically and automatically between networks, 
allowing networks to cooperate on tracing an attack and to take corrective 
actions regarding the attack (Column 2, lines 20-31). 

Regarding Claim 85, 

Claim 85 is a method claim that corresponds to system claim 55 
and is rejected for the same reasons. 

Regarding Claim 59, 
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Comay discloses that upon detection of an unauthorized access 
attempt, the intrusion detection system in cooperation with the intrusion 
analysis system forwards information regarding the unauthorized access 
attempt to the monitoring center (Column 5, lines 32-60), but does not 
disclose including this information in a central database that maintains 
information regarding the unauthorized accesses or access attempts into 
the distributed networks. 

Lyie, however, discloses including information regarding 
unauthorized access attempts in a central database that maintains 
information regarding the unauthorized accesses or access attempts into 
the distributed networks (Column 9, lines 38-65). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's invention 
to incorporate the DoS protection system of LyIe into the intrusion 
detection system of Comay in order to provide a mechanism by which to 
share attack information dynamically and automatically between networks, 
allowing networks to cooperate on tracing an attack and to take corrective 
actions regarding the attack (Column 2, lines 20-31). 
Regarding Claim 89, 

Claim 89 is a method claim that corresponds to system claim 59 
and is rejected for the same reasons. 



Conclusion 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey D. Popham whose telephone number is (571)- 

272- 7215. The examiner can normally be reached on M-F 9:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571)272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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